Microsoft System Center 2012 Revealed

Microsoft's System Center 2012, which we discussed in Microsoft's System Center 2012: Building A Private Cloud, is the latest attempt by a big vendor to bring private cloud to the masses. While there are many improvements to System Center, building a private cloud using anyone's software is far from easy. At Microsoft's private cloud reviewers' workshop, we got a peek at the sausage factory. There are a lot of components to configure, but Microsoft has done a good job of streamlining many of the

System Center 2012 can do bare-metal provisioning using IPMI. Relying heavily on templates through System Center 2012, you define the skeleton options--such as MAC address, networking and storage--which are either resolved at runtime, such as an IP address via DHCP, or taken from a template, such as a host name. What is interesting is that System Center can discover server hardware and make it available.

Inside Virtual Machine Manager, we defined our new hardware host and applied it to a server. You can readily track the progress of the deployment.

In the lab, the hardware wasn't actually available, so it failed. However, you can drill into the task and see exactly which step failed and which steps remain. In our case, PXE boot failed, so we couldn't talk to the server. Note that VMM used BMC to power on the host.

Cloud creation is performed after you define the templates for the underlying hardware. A cloud is just a set of resources that are grouped into a unit. You can then assign them to users and roles. In our case, PrivateCloud20 is using a logical network called Contoso and the lb01.contoso.com load balancer.

We set the capacity for this cloud offering at 12 Gbytes of RAM, total, unlimited storage, and a maximum of 10 virtual machines. All the VMs for this cloud service are based on Hyper-V, but could have included Citrix Xen or VMware.

Microsoft's private cloud offering is multitenant by its very nature. IT defines the capacity of a cloud service, and then users and roles are assigned capacity and rights within that cloud. You can define many cloud services that are ultimately shared across the physical infrastructure.

Using quotas, you can control how cloud resources are consumed. In this case, this particular role is allowed as much virtual CPU, RAM or storage as needed, but the role is limited to five VMs. That means the role can run only five VMs, regardless of how many users are in the role.

Quotas can be further restricted on a per-user basis. In our case, each member of the role can use 1,024 bytes of RAM and may use only a single VM. This leaves room for other role members to use VMs, and allows us to add additional roles that can use the same cloud service.

Quota management is very dynamic, and administrators with the right access privileges can change these quotas at any time. You will have to think about your quota strategy so that you are managing your resources effectively.
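The three quota tiers described above (cloud capacity, role quota, per-member quota) can be modelled in a few lines. This is an added example, not System Center code: the role names `tenant` and `ops`, the user names, the narrowest-tier-first evaluation order, and reading the per-member RAM figure of 1,024 as megabytes are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Quota:
    max_vms: Optional[int] = None      # None = dimension left unlimited
    max_ram_mb: Optional[int] = None

    def allows(self, vms: int, ram_mb: int) -> bool:
        return ((self.max_vms is None or vms <= self.max_vms) and
                (self.max_ram_mb is None or ram_mb <= self.max_ram_mb))

@dataclass
class Cloud:
    capacity: Quota                    # set by IT for the whole cloud
    role_quota: dict                   # role -> Quota shared by all members
    member_quota: dict                 # role -> Quota applied to each member
    vms: list = field(default_factory=list)   # (role, user, ram_mb) records

    def request_vm(self, role: str, user: str, ram_mb: int) -> str:
        """Grant the VM, or name the narrowest tier that refuses it."""
        tiers = [
            ("member quota", self.member_quota[role],
             lambda v: v[:2] == (role, user)),
            ("role quota", self.role_quota[role], lambda v: v[0] == role),
            ("cloud capacity", self.capacity, lambda v: True),
        ]
        for name, quota, in_scope in tiers:
            used = [v for v in self.vms if in_scope(v)]
            if not quota.allows(len(used) + 1, sum(v[2] for v in used) + ram_mb):
                return f"denied: {name}"
        self.vms.append((role, user, ram_mb))
        return "granted"

def demo() -> list:
    # Figures from the article: cloud = 12 GB RAM and 10 VMs; role = 5 VMs,
    # RAM unlimited; member = 1 VM and 1,024 RAM (taken as MB, an assumption).
    cloud = Cloud(
        capacity=Quota(max_vms=10, max_ram_mb=12 * 1024),
        role_quota={"tenant": Quota(max_vms=5), "ops": Quota()},
        member_quota={"tenant": Quota(max_vms=1, max_ram_mb=1024), "ops": Quota()},
    )
    out = [cloud.request_vm("tenant", "alice", 1024),   # first VM for alice
           cloud.request_vm("tenant", "alice", 1024)]   # second VM for alice
    out += [cloud.request_vm("tenant", u, 1024) for u in ("bob", "carol", "dave", "erin")]
    out.append(cloud.request_vm("tenant", "frank", 1024))  # sixth VM in the role
    out.append(cloud.request_vm("ops", "admin", 8192))     # 5 GB in use + 8 GB > 12 GB
    out.append(cloud.request_vm("ops", "admin", 4096))     # fits the remaining RAM
    return out
```

The second role with no limits of its own is still stopped by the cloud capacity, which is why an unlimited role quota is only as safe as the capacity set on the cloud behind it.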

Users can also be restricted in the actions they can take with the cloud service. Consumers of your cloud service should be allowed only limited access, to start and stop their VMs and deploy software. Different administrative roles can be defined. Access controls like these mean IT can delegate cloud management to distributed staff and offload workflows.

Once we defined the hardware templates, we configured the OS images to deploy. If you have ever installed Windows Server 2008, or any Windows server, for that matter, these options will be familiar to you. Tick off what you want. Fill in the server name (which itself can be pre-defined via a template), and you have a stock golden image ready to deploy. What is interesting is that you can patch and reconfigure the image and, when it is active, you can deploy it to your cloud--automatically, if you desire.

This is where we begin to see the dynamism of the System Center. We define the underlying OS and assign an application template, defined elsewhere, to the host. The application template can also have user-submitted fields that are filled out when requesting a new service or can be defined for the application.

Much of the output from System Center 2012 is behind-the-scenes PowerShell scripts that get executed. From what I saw, there is no need to ever look at a script, which is great for those who don't know PowerShell. If you do, however, you can customize the scripts to suit your needs. In fact, with PowerShell, you can do anything in the GUI in a script, giving IT the potential for deep integration with existing IT systems without relying on third parties. Writing your own PowerShell scripts isn't for everyone, however.

In the VMM Service Template, you can visually arrange the various services and customize the options for them quickly and easily. This is one of the final steps before publishing the service in the service catalog and self-service portal. All of the components are already built; here, we are just putting them together. You can easily add more applications as needed.

Bear in mind that we are simply arranging systems together and not affecting application code in any way. The application code has to be written to talk amongst the various services. The best practice is to use names for systems and services, and never to hard-code dependencies. The templates should be able to build and resolve service names and locations dynamically.

While we don't show it, when we publish this application to the self-service portal, users can come to the portal, request an application and fill in just a few relevant bits of information, such as the application name. The technical bits should all be buried out of sight. When they request the service, their permissions are validated and the request kicks off a workflow. That workflow could be fully automated or, at any point, you could interject a person to take actions. It's entirely up to you.